ICS-BlockOpS: Blockchain for operational data security in industrial control system

Industrial Control Systems (ICS) are the backbone of critical infrastructure found in power, water, manufacturing and other industries. An ICS controls a physical plant through the use of sensors and actuators. A Historian sits on a plant network and receives, parses, and saves data and commands transmitted over the network, across the Programmable Logic Controllers (PLCs), sensors and actuators. This data has at least two uses. One use is to check for any process anomalies that may occur due to component failures and cyber attacks. The other use of this data, and the focus of this work, is to serve as critical input to off-line activities such as forensic analysis. A cyber attack on the Historian could jeopardize any forensic analysis be it for maintenance, or discovering an attack trail. In this work, a novel architecture, named ICS-BlockOpS, is proposed to secure plant operational data recorded in the Historian. ICS-BlockOpS is designed to enhance data security along two dimensions: immutability and redundancy. An integrity checking mechanism, in combination with blockchain, is used to ensure data integrity. Data redundancy is achieved by applying an efficient replication mechanism and enables data recovery after an attack. A prototype implementation of ICS-BlockOpS uses Ethereum blockchain in the local network as part of the tamper proofing mechanism. The implementation is in an operational six-stage water treatment plant. The underlying design ideas are generic and could be applied to other ICS as well.